secureVirtual needed a supplier-partner to provide multi-factor authentication as part of our wider cyber security strategy offering to customers, and to replace an existing service.
The commercial considerations:
One of the key factors in the selection process was that the application had to be unobtrusive and intuitive – i.e. easy to use for the end-users such that it did not generate an additional support overhead.
In addition to this, the solution needed to be ‘fit for purpose’ for both existing and future customers, as well as being compliant with a variety of regulations for various industries but particularly the Financial Services industry, where secureVirtual specialise.
Additionally, we were looking for a supplier who was well-funded with a good research & development roadmap and who delivered their product on a simple reseller model, ideally per user per month, and with flexibility to add new users co-termed to existing contracts, and to remove users without financial consequence.
Finally, the chosen supplier had to offer great support, be easily contactable and the product needed to be cost competitive such that it would not be a barrier to customers choosing to improve their security.
The selection process:
Once we established our needs, we set about reviewing suitable suppliers: researching online; participating in various specialist forums; and speaking with existing supplier contacts to understand their offerings or seek recommendations. From this we shortlisted 10 possible suppliers offering products in this space, but this was soon whittled down to three by applying our requirements criteria in priority order against each of the suppliers. The top three suppliers’ products were then trialled extensively in-house, and from that testing we chose Duo.
We chose Duo because they ticked the most boxes from our stated requirements and we ran a successful trial using their product. We now have numerous customers using the service and will be rolling out to many more.
Duo two-factor authentication (2FA) is very easy to use. We can whitelist customer office machines if we want to (i.e. certain users or all office domain PCs) but for the majority of users, including laptop and remote workers, we chose the Duo Push method – a simple smartphone app, which works on all phones. The user sees an alert on their mobile screen (even when locked) and they simply tap the green box to confirm that it is them, or the red box if they get the alert and it is not them (followed by a call to IT Support in case an imposter is trying to access their session).
For those without a smartphone, or for workers who do not want to use a BYOD device, Duo can support a wide range of 2FA methods, including: U2F (Universal 2nd Factor – e.g. YubiKey NEO), Bypass Codes, Phone Callback (to any chosen number), Security Tokens and SMS Passcodes.
On top of a simple-to-use application with an easy setup process, we found the Duo team to be proactive and knowledgeable.
If you would like to hear more about 2FA, or specifically the Duo service, please don’t hesitate to get in touch!